Date: Thu, 19 Nov 2015 16:20:28 -0600
From: Brandon J. Wandersee <brandon.wandersee@gmail.com>
To: Matthias Apitz <guru@unixarea.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: ransomware virus on Linux
Message-ID: <86y4dtiqc3.fsf@WorkBox.Home>
In-Reply-To: <20151119064434.GB1925@c720-r276659.oa.oclc.org>
References: <20151119064434.GB1925@c720-r276659.oa.oclc.org>

Matthias Apitz writes:

> Any comments?

From what I've been able to glean, this seems a little bit overblown. I don't doubt the effects are significant for the people experiencing them, but it seems extremely limited. The program is said to "take advantage of" an outdated, running instance of the Magento e-commerce software, so I have to think that it can only be executed via Magento. It also encrypts only directories that would absolutely require root privileges to modify--e.g., it specifically encrypts /home, not individual user directories, so even if you deliberately executed it as a regular user it would have no effect. So it only affects improperly configured servers that run outdated versions of one specific piece of software. It's not something most of us will have to ever worry about, and the onus really falls first on Magento to prevent this sort of remote execution (which it apparently did before the malware even made it into the wild), and then on sysadmins to update to the newer, secure version.

--
=================================================================
::   Brandon Wandersee   ::
::   brandon.wandersee@gmail.com   ::
==================================================================
'A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.' - Douglas Adams
==================================================================